Select Page

What to Consider when Implementing DRaaS for ransomware protection

According to Gartner, downtime costs more than $5,600 a minute; therefore, every business needs a reliable means of backup and disaster recovery.

Disaster Recovery as a service (DRaaS) provides recovery in the cloud and is a cost-effective and highly efficient enterprise data protection solution to tackle downtime, data security, and improve data availability.

In this blog, we’ll share what backup administrators need to ask themselves in order to choose and set up a DRaaS solution that works for their organization.

Understand Your Current Risk Factor

The number of ransomware attacks is increasing yearly, and every organization is at risk. However, every organization’s risk level will be different. Your organization might be at a higher risk level if your company belongs to a highly targeted industry such as manufacturing, finance or healthcare.

Moreover, compliance regulations, such as FISMA, FedRAMP, CJIS, HIPAA, SOX, FINRA,  require service providers to implement data security and protection measures to prevent data loss, limit downtime, and ensure employee/customer data privacy. While these regulations have improved data access and security for the customer, they have also increased the responsibility of organizations to protect the data against misuse, theft, or loss. Failing to comply with these regulations can result in fines and increase your organization’s risk factor.

On the other hand, in order to comply with these regulations, organizations need to invest in cybersecurity, and backup and disaster recovery solutions; which can be unnecessarily expensive, if not done right.

The best way to ascertain your risk is through a full security assessment to expose the underlining issues and gaps in your current infrastructure and then document those areas which need improvement. This document will help guide the service license agreement conversation with the disaster recovery as a service (DRaaS) provider, leaving little room for surprises and unplanned downtime.

Here are some things that you need to consider for a thorough risk assessment:

  • Identify mission-critical applications.
  • What will be the impact if one or more critical application becomes unavailable?
  • Identify the financial impact of each application becoming unavailable.
  • Document and assess the procedures for the protection of mission-critical applications.
  • Determine the required recovery times for each critical application and what RTPOs you can achieve with remote Disaster Recovery versus local DR site. This will then help decide which DR setup works for which application / workload.

What is the Current State of Your DR and Backup Infrastructure?

If your organization is using a disaster recovery solution and you want to switch to or complement your existing solution with DRaaS, these questions can help simplify the process:

  • How fast can your systems recover? (recovery time and point objectives RTPOs)
  • Can data be restored in the event the primary copy (or copies) is/are unavailable, corrupted, or encrypted?
  • Are backup copies protected, and isolated, from malicious encryption/deletion in the event a hacker/ransomware gains access to the production network?
  • If a hacker, or ransomware, were to gain access to the backup server, are they immutable and safe from modification, or are they at risk of malicious encryption/deletion?
  • Is backup and recovery regularly tested, and updated? Preferably in an isolated environment without impacting production.

Assess the performance and efficiency of the backup and recovery system to determine its capabilities and to learn what improvements you need via a DRaaS solution.

The following should be taken into account to ascertain the current state of your backup and DR infrastructure:

Backup and Disaster Recovery Performance

  • Is data being backed up within the expected time frame?
  • Is the organization meeting its expected service level agreements?
  • Is the DR system capable of meeting set RTPOs in the event of a disaster?

Determining the Backup Quality

  • What is the backup success to failure ratio?
  • Is the infrastructure capable of tracking and resolving failed backup jobs?
  • Are backups regularly tested to ensure that they are recoverable?
  • Is backup data protected at rest and in transit?

Assessing Restore Capabilities

  • Can data be restored if primary backup copy is encrypted or deleted by ransomware?
  • How quickly can the primary system failover in the event production is unavailable?
  • How often are backups tested to ensure they are not corrupted and are available for data recovery when needed?
  • Does the IT team perform exposure and gap analysis between recovery goals and actual capabilities?
  • Is redundancy built into recovery systems (RAID, erasure coding, 3-2-1 strategy, etc.)?

These questions will set realistic expectations and will inform the DRaaS provider about your backup and recovery needs.

What will be the Financial Ramifications of an Outage During a Disaster?

While quantifying the financial impact of a disaster is one part of the equation, you also need to consider the loss of reputation and goodwill, fines, legal implications, and other costs that add to the total cost of unplanned downtime.

Not only do you want to calculate the apparent cost of data loss but also the legal ramifications and the actual impact of the lost information when going for a DRaaS solution. But it is difficult to ascertain exactly how much money you will lose if your critical infrastructure goes down.

For more information, read how to calculate the cost of downtime.

With cloud disaster recovery services, organizations can get reliable offsite recovery without having to invest in hardware. Moreover, organizations can rely on the expertise of the DRaaS service provider which allows them to invest sparingly in hiring professionals with relevant expertise.

Furthermore, cloud DR is a necessary step in building an infrastructure capable of surviving a ransomware attack because it allows administrators to store offsite copies; and secure them with data security features such as immutability and air-gap.

Understanding the Impact of a Disaster on Your Customers

What happens to your customer after your business is affected by a disaster? Today’s businesses demand instant fulfilment of commitments. Even a small amount of downtime can result in loss of customer loyalty, and a minute of downtime can cause a well-built business reputation to collapse.

Additionally, there are numerous cases where a compromise of a service provider’s network led to disruption and losses for their customers. These types of attacks, where a system/network compromise impacts the company’s customers, are called supply chain attacks. An apt example is the Kaseya breach.

Service License Agreements (SLAs) must also take into account the customer experience in the event of a disaster.

By determining which application(s) affect customers the most allows backup administrators to plan RTOs and RPOs and define SLAs accordingly.

Choosing Your Disaster Recovery as a Service (DRaaS) Solution

When choosing a DRaaS solution, it’s important to bear in mind that what works for one, may not work for the other. That’s because production infrastructure is unique to each organization. As a result, the data protection solutions must be designed to complement it which is why they too are unique.

To help you find the right DRaaS for your needs, here are some questions you need to ask when analyzing a solution:

Does it include isolation (or air-gap)?

If backup copies are not isolated and air-gapped, then they are as vulnerable as production. If a hacker or ransomware gains access to the network, then the backup server(s) can end up encrypted which will prevent data recovery.

Are backups immutable?

In the event the hacker or ransomware is to gain access to the backup(s), are they protected from changes/modifications/deletion? If not, then the malicious actors can prevent data recovery by encrypting or deleting the backups.

Furthermore, immutability also helps compliance with industry regulations such as HIPAA, FedRAMP, FISMA, CJIS, and helps organizations get cyber-insurance for their critical applications.

For more on cyber-insurance and immutability, read meet cyber insurance requirements with immutable backups.

Is admin access protected via multi-factor authentication?

Analysis of multiple successful ransomware attacks reveal that hackers gained access to the network via a compromised admin account. Therefore, it’s necessary to control admin access to critical systems, production and backup, using multi-factor authentication (MFA).

Preferably, MFA should be implemented for each endpoint in the system including storage, backup servers, network controllers, etc.

What management options does the DRaaS provider offer?

While it varies based on the vendor, DRaaS is often available with three management options:

  1. Self-Managed DRaaS: The option where the responsibility of configuration, management, monitoring, and restore is taken care of by your in-house IT team. While the service provider provides the backup software, and the secure infrastructure for the backup copies.
  2. Partially Managed DRaaS: In this management option, part of the responsibility of disaster recovery lies with your in-house IT team while the rest is managed by the service provider’s experts. The specifics vary depending on the arrangement between the service provider and the customer.
  3. Fully Managed DRaaS: As the name implies, in this case, all of the responsibility lies with the service provider from installation, configuration, management, monitoring, testing, and to restore; everything’s included.

Who is responsible for what?

Considering the specificity and requirements of most data protection and data privacy regulations, it’s necessary to clarify the responsibilities of the service provider versus the data owner.

Depending on the chosen DRaaS management option, the scope of the responsibility may vary. However, it’s important to note that regardless of who manages what, while DRaaS provide the backup tools and management, it’s the responsibility of the data owner (the customer), to ensure effective data security and data protection. This includes any liability that may incur in the event of a disaster.

Conclusion

Disaster Recovery as a Service (DRaaS) provides the necessary tools to organizations to protect employee/customer data from cyber-threats such as ransomware, hackers, malicious employees, etc.

The primary benefit of DRaaS is that businesses gain access to professional data protection capabilities without having to invest in hardware or spending time training IT personnel. Moreover, the organization remains protected even if an in-house expert is unavailable which is a fix to situations where employees are sick, on leave/vacation, or when they leave the company.

Furthermore, with capabilities such as cloud air-gapped backups and immutability, DRaaS can be the difference between complete disruption and data loss, and a minor inconvenience; in the event of a ransomware attack.

Looking to protect your critical applications using disaster recovery as a service (DRaaS)? We can help!

Check out our backup and disaster recovery as a service (BDRaaS) solution for more details. Got questions? Fill out the form on our contact us page to talk to our experts for demos, quotes, and more information.

Conti Ransomware: In-Depth Technical Breakdown

Conti Ransomware: In-Depth Technical Breakdown

Conti ransomware has earned notoriety, notably for its involvement in the Costa Rican government hack. Operating as a ransomware-as-a-service (RaaS) group, Conti specializes in infiltrating networks, encrypting crucial data, and extorting exorbitant sums of money. In...

Supply Chain Attack: The Achilles’ Heel of Enterprise Security

Supply Chain Attack: The Achilles’ Heel of Enterprise Security

Supply chain attacks have emerged as a formidable threat vector in the landscape of cybercrime, posing significant risks to enterprises of all sizes and industries. Among the various tactics employed by threat actors, ransomware attacks leveraging supply chain...

How to Set Up S3 Object Storage for Veeam Data Platform

How to Set Up S3 Object Storage for Veeam Data Platform

Veeam v12 introduced Direct-to-Object storage, enabling S3 object storage as the primary backup repository. Prior to this, S3 object storage integration relied on Veeam's Scale-Out Backup Repository (SOBR), using a performance tier and a capacity tier, which extended...

Watering Hole Attacks Unveiled: A Comprehensive Cyberthreat Overview

Watering Hole Attacks Unveiled: A Comprehensive Cyberthreat Overview

Watering hole attacks, akin to their namesake in the natural world where predators strategically position themselves near watering holes to intercept prey, have become a significant peril in the digital realm. In the vast landscape of cybersecurity, understanding the...

Man-in-the-Middle Attack: Cyberthreat Amidst Data Streams

Man-in-the-Middle Attack: Cyberthreat Amidst Data Streams

In the fast-paced arena of enterprise-level digital operations, the looming threat of cyber vulnerabilities demands our undivided attention. Among these threats, the Man-in-the-Middle (MitM) attack emerges as a silent, yet formidable, adversary capable of infiltrating...

You May Also Like

Subscribe To Our Newsletter

Join our mailing list to receive the latest news, updates, and promotions from StoneFly.

Please Confirm your subscription from the email